Import tmux-3.6b (previous was tmux3.6a)
CHANGES FROM 3.6a TO 3.6b
* Remove images from the correct list when they are removed while in the
alternate screen (reported by xlabai at tencent dot com).
py-music21: update to 10.3.0
Music21 v10.3 is an incremental and backwards-compatible improvement to the v10 line that was released earlier this month. Highlights include proper tempi/metronome marks on score excepts via .measures(start, end) by @oxygen-dioxide, MIDI ability to skip the second-or-so delay before ending the MIDI file (by @SAY-5). Bug fixes on Fractions (by @jacobtylerwalls and me). Support for scores and audio in the marimo notebook system. And paradigms I learned from presenting music21 at PyCon 2026 in Long Beach (stricter Agents and issue policy; using Agents to fix problems with RST)
What's Changed
Stricter Agents w/ PR and Issue policy by @mscuthbert in #1894
Stream.measures(): collect MetronomeMark by default by @oxygen-dioxide in #1895
midi: addEndDelay=False to skip trailing rest on export (AI) by @SAY-5 in #1896
Standardize "* New in vX:..." by @mscuthbert in #1897
Bump idna from 3.13 to 3.15 by @dependabot[bot] in #1898
Add missing opFrac() to extendDuration() by @jacobtylerwalls in #1900
Support marimo notebook by @mscuthbert in #1899
Find other missing fraction conversions (opFrac) by @mscuthbert in #1901
Fix RST Problems by @mscuthbert in #1902
polish music21 for v10.3 by @mscuthbert in #1903
mail/dmarc-report-viewer: import dmarc-report-viewer-2.5.1
A lightweight selfhosted standalone DMARC report viewer that
automatically fetches input data periodically from an IMAP mailbox.
Ideal for smaller selfhosted mailservers to browse, visualize and
analyze the DMARC reports.
The application is a single fully statically linked executable
written in Rust. It combines a DMARC report parser with an IMAP
client and an HTTP server. The embedded HTTP server offers a web
UI for easy access and filtering of the reports.
Packaged by wiz as wip/dmarc-report-viewer.
PR/59452: Marcin Gondek: Add a new mount flag "nowccmsg" to suppress printing
wcc-related messages. Apparently some synology server is causing them. This
just suppresses the messages, but does not change the behavior of the client.
dropbear: updated to 2026.91
2026.91 - 10 May 2026
- scp: Fix test for disallowing -r with existing target directory. The logic
introduced in 2026.90 was incorrect, could also disallow non-recursive
transfers.
- scp: Fix regression in 2026.90 building on older glibc or other libc.
reallocarray() was required, it is no longer needed.
- Compression is now disabled by default for dbclient. A new -o compression option
can enable it. DROPBEAR_CLI_COMPRESSION in localoptions.h can change the default.
Enabling compression can be a security weakness in some
circumstances, as the size of network traffic may leak information
about the encrypted data.
- Added '-Q' argument for dbclient and dropbear to query supported algorithms,
kex sig cipher mac compress
pcsc-lite: updated to 2.5.0
2.5.0: Ludovic Rousseau
27 May 2026
- Do not limit to 16 readers only
- Remove support of autotools
- Fix a crash when rescanning serial configs
- Fix a memory leak in Polkit
- tokenparser: avoid a crash with corrupted Info.plist files
- Some other minor improvements
py-google-auth-oauthlib: updated to 1.4.0
1.4.0 (2026-05-06)
Bug Fixes
Drop support for Python 3.9
replace deprecated utcfromtimestamp in google-auth-oauthlib
py-myst-parser: updated to 5.1.0
5.1.0 - 2026-05-13
New Features
- Add `"alert"` syntax extension for [GFM alerts](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts) (e.g. `> [!NOTE]`), see [](syntax/alerts)
- Add `"gfm_autolink"` syntax extension for [GFM autolinks](https://github.github.com/gfm/#autolinks-extension-), see [](syntax/gfm-autolink)
- Add `myst_strikethrough_single_tilde` [config option](sphinx/config-options) to allow single tilde (`~`) for strikethrough
- Add `myst_colon_fence_exact_match` [config option](sphinx/config-options) to require the closing colon fence to have exactly the same number of colons as the opening, see [](syntax/colon_fence)
Improvements
- Update [`myst_gfm_only`](sphinx/config-options) mode to use the unified `gfm_plugin`, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling
- Improve MathJax 4 compatibility for Sphinx 9
- Stop directive-option parsing at colon fences, fixing nested colon fence directives
Bug Fixes
[4 lines not shown]
py-sphinx-issues: updated to 6.0.0
6.0.0 (2026-03-13)
Backwards-incompatible: Remove implicit extraction of group/project from GitHub URLs in issues_uri. If you relied on setting _only_ issues_uri (e.g. https://github.com/myuser/myproject/issues/{issue}) without also setting issues_github_path or issues_default_group_project, you must now explicitly set one of those options in your conf.py:
Before:
issues_uri = "https://github.com/myuser/myproject/issues/{issue}"
After:
issues_github_path = "myuser/myproject"
Support Python 3.10-3.14. 3.9 is no longer supported, as it is EOL.
Pin lower bound of Sphinx to 8.1.0 (see "Sphinx version support policy above").
py-tornado: updated to 6.5.6
6.5.6
Security fixes
SimpleAsyncHTTPClient now strips the Authorization and Cookie headers from the request when following a redirect to a different origin. This matches the default behavior of CurlAsyncHTTPClient. Applications that need different behavior here can set follow_redirects=False and handle redirects manually. Thanks to [Yannick Wang](https://github.com/noobone123) for being first to report this issue, as well as additional reporters [Kai Aizen](https://github.com/SnailSploit), [HunSec](https://github.com/0xHunSec), and [Thai Son Dinh](https://github.com/sondt99).
SimpleAsyncHTTPClient now enforces max_body_size on the decompressed size of the response, rather than the compressed size. This prevents a denial-of-service attack via a very large compressed response. Thanks to [Yuichiro Kedashiro](https://github.com/yuui25) for reporting this issue.
Fixed a bug in the C extension that could have read up to three bytes past the end of an input array. Thanks to [Thai Son Dinh](https://github.com/sondt99) for reporting this issue.
OpenIDMixin has improved parsing for the check_authentication response. Thanks to [Yannick Wang](https://github.com/noobone123) for reporting this issue.
Bug fixes
CurlAsyncHTTPClient has been updated to use non-deprecated APIs, avoiding deprecation warnings with recent versions of pycurl.
py-apache-libcloud: updated to 3.9.1
Changes in Apache Libcloud 3.9.1
Compute
- [VSphere] Add verify_ssl option
Add verify_ssl option, to enable the user to avoid SSL verification explicitly.
- [OpenStack] Initial Blazar support
This is an initial implementation of Blazar support in Libcloud. It currently
supports listing the available leases and hosts.
- [Azure ARM] Update US GovCloud AD endpoint for AZURE_ARM provider.
- [OpenStack] Add hypervisor_hostname attribute to OpenStack node.
- [GCP] Use the fully-qualified name for the GCP IMDS endpoint.
- [Azure ARM, Amazon S3] Add signed upload to azure and s3.
- [RcodeZero]: Fix issue when adding a record where a record with a different type already exists
DNS
[8 lines not shown]
py-sphinx-autodoc-typehints: updated to 3.10.3
3.10.3
Show version in error tracebacks
Support PEP 695 type statement and python 3.12+ TypeAliasType
Fix typehints_formatter cache warning
fix(stubs): resolve type hints for PyO3 native submodules
py-test_socket: updated to 0.8.0
0.8.0
Enhancements:
Block DNS resolution (getaddrinfo, gethostbyname) when sockets are disabled
Support CIDR network ranges in allow_hosts
Warn before raising on a blocked socket call
Cache hostname resolutions during a test run
Changes:
Removed support for Python 3.8 and 3.9. Python 3.10 is now the minimum.
Test against Python 3.13, 3.14, and free-threaded 3.13t/3.14t
Replaced Poetry with uv
Added type hints
Swapped pytest-httpbin for a local test fixture
Dependency, CI, and development updates
cargo-deny: added version 0.19.8
cargo-deny is a cargo plugin that lets you lint your project's dependency graph
to ensure all your dependencies conform to your expectations and requirements.
PR bin/58609 - enable locale var internal manipulation
sh now recognises the (standard) set of locale variables, and in addition
to setting up the locale environment to match those in the environment at
startup (which it has done for ages), now also causes alterations to those
variables while the shell is running to take immediate effect inside sh,
which can affect how the shell operates in some limited aspects - previously
such updates would be passed to exec'd child processes (not subshells)
if the variables are exported, and not affect the running shell at all.
See the PR, and the updated sh(1) man page, for details.
This is a feature enhancement, no pullups (not even to -11) are planned.